Singapore Cloud Security Summit 2025

Beyond Compliance: Building Cyber Resilience in Cloud-First Financial Services

• Moving from reactive controls to proactive cloud security strategies
• Using automation to drive actionable, real-time cyber defense
• Positioning security as a business enabler, not a blocker
• Creating a flexible cyber playbook that scales with regulation and growth

Enterprise applications are deployed across a wide range of cloud environments, each with their own security controls of various capabilities. In the meantime, the threat landscape for web applications has become increasingly sophisticated, and has seen common threats like Bot, DDoS, and Application attacks persist and grow in complexity.

• The evolving nature of Bot, DDoS, and Layer 7 application attacks — and why they continue to succeed
• Architecting a consistent security inspection and enforcement layer at the edge, independent of origin infrastructure
• Leveraging DevOps tools like Terraform and GitHub to automate the deployment of security controls as part of the CI/CD pipeline

Cloud security in Singapore is entering a new era—defined by tighter regulations, growing threat complexity, and rising dependence on hyperscale infrastructure. In this session, we’ll unpack:

• Implications of the Digital Infrastructure Act and updated MAS outsourcing guidelines on cloud operations and vendor oversight.
• How organisations can future-proof encryption and data protection against emerging quantum computing threats.
• Addressing the security and governance challenges of deploying AI-driven systems in regulated cloud environments.
• Understanding the push for data localisation, sovereignty, and its impact on multicloud and infrastructure decisions.

In this innovative session, attendees will be faced with a series of scenarios that they may face in their roles. Attendees will discuss the possible courses of action with their peers to consider the ramifications of each option before logging their own course of action. 

Results will be tallied and analysed by our session facilitator and results will impact the way the group moves through the activity.

Will we collectively choose the right course of action?

Cloud-first organisations across Asia are experiencing a rise in Business Email Compromise (BEC), vendor fraud, and social engineering attacks that evade traditional email security. In this session, we’ll demo how modern cloud security teams can detect and stop these advanced threats—without rule maintenance, user disruption, or signal fatigue.

• Why BEC Keeps Winning in Cloud-First Environments
  Explore how attackers exploit trust, app integrations, and identity gaps to bypass standard controls.
• Replacing Rules with Risk-Based Detection
  See how behavioural AI learns normal user and vendor behaviour to detect anomalies without tuning.
• Real-World Attack Paths and Response
  Walk through recent examples of vendor fraud and internal impersonation stopped by Abnormal’s platform.
• Scalable Defence for Lean Teams
  Learn how cloud-native teams reduce risk with automated investigation and low-touch workflows.

‍

As OT and IT systems converge, critical infrastructure faces mounting risks. This session shares how one team secured distributed, global environments while balancing resilience, agility, and compliance.

• Mapped risk across complex OT/IT environments to identify critical dependencies and exposure
• Scaled least privilege and segmentation to limit lateral movement and reduce blast radius
• Built governance frameworks that aligned global policy with local regulatory demands
• Applied real-world incident response lessons to strengthen controls and reduce response time

Modern development teams rely heavily on open source, but managing risk across a sprawling, fast-moving software supply chain has become increasingly complex. This session unpacks how one organisation implemented effective controls and visibility into open source usage—without sacrificing developer velocity.

• Identifying hidden vulnerabilities and license risks early in the development cycle across thousands of OSS components
• Building automated guardrails that enforce policy without disrupting workflows
• Creating transparency across development, security, and legal teams to align on risk tolerance
• Lessons learned scaling secure development practices across multiple teams and regions

Singapore’s proposed Digital Infrastructure Act aims to regulate cloud and data centre operators as critical infrastructure. This session explores what organisations need to know now to prepare for heightened expectations around resilience, incident response, and security controls—before the law comes into force.

• What key requirements are expected under the new Digital Infrastructure Act?
• How will the Act shift risk, accountability, and oversight expectations?
• What should CSPs and customers do today to prepare?
• How will this regulation affect procurement and cloud strategy in 2025?

Roundtable Discussions:

‍
Choose 1 topic to join on the day!

1. Should We Sack the SEG? Moving into AI-Powered Email Security in 2025.
2. Enhanced Strategies for Monitoring and Remediation of Cloud Misconfigurations
3. Building Trust in Open Source: Managing Risk Without Slowing Development
4. Securing Hybrid-Cloud Deployment Models
5. Securing the Software Supply Chain End-to-End
6. Cloud Incident Response: Lessons Learned from Real Breaches
7. AI and Automation for Proactive Cloud Defense
8. Misconfigurations at Scale: Preventing the Preventable

As cloud adoption accelerates, Singapore must redefine accountability across regulators, providers, and customers. Who owns the risk—and who answers when things go wrong?

• Is shared responsibility outdated in 2025’s cloud ecosystem?
• What must every cloud SLA include moving forward?
• Who’s liable when outages or breaches impact customers?
• How can customers gain control without owning infrastructure?